Method and system for connecting mobile client devices to the internet

ABSTRACT

An arrangement is disclosed for connecting mobile client devices MT to the Internet, or other IP based networks, using WPAN and WLAN infrastructures or certain cellular systems like GPRS. This is achieved substantially seamlessly by providing a routing mechanism (IP-IP Tunnel 14) that allows mobile client devices like Personal Digital Assistants (PDAs) to connect to an application server 10 using a plurality of communications standards depending on the available infrastructure, e.g. GPRS, IEEE802.11b or Bluetooth wireless standards.

The arrangement proposed is a Layer 2 technique suitable for general use, in which the mobile client device MT and the server 10 are arranged in use to communicate at the network layer through an Internet Protocol tunneling technique, such that an Internet Protocol address of the mobile client MT remains the same during a handover from a first communications standard to a second communications standard.

The present invention relates to Internet Protocol (IP) based communication arrangements and in particular, but not exclusively, to an Internet Protocol based communication arrangement in which an Internet Protocol compatible network can be accessed substantially seamlessly using a plurality of communications standards.

Connectivity to the Internet, or another IP-based network, can be achieved by client devices such as Personal Digital Assistants (PDAs), laptops and mobile phones using different access networks such as Wireless Local Area Networks (WLAN), Wireless Personal Area Networks (WPAN) or cellular systems like Generalized Packet Radio System (GPRS).

The rapid diffusion of wireless access technologies (IEEE802.11, Bluetooth™ and GPRS) makes it possible for portable/mobile client devices like PDAs to be connected to services on the Internet while in an office or on the move. While combined products like WLAN/GPRS cards are appearing, seamless roaming across different technologies is still uncommon.

Some devices do, however, already have the capability of using more than one wireless communications standard or network to gain access to the Internet. One example is a GPRS phone with Bluetooth support: when used inside a building, Bluetooth network access points can forward traffic between the mobile phone and the Internet, while the GPRS standard offers the same functionality outdoors at a lower speed. This trend is predicted to continue, as more wireless standards are likely to become available that offer diversified characteristics and costs. The Internet or other IP-based networks will thus be accessed by a variety of wireless devices that need to be connected and reachable.

The Internet Engineering Task Force (IETF) is developing protocols for mobility of Internet hosts, as discussed in:

-   (1) IETF Mobile IP WG, http://www.ietf.org/html.charters/mobileip-charter.html
-   (2) K. El Malki et al., “Low Latency Handoffs in Mobile IPv4”, http://www.ietf.org/internet-drafts/draft-ietf-mobileip-lowlatency-handoffs-v4-03.txt (work in progress)
-   (3) G. Dommeti et al., “Fast Handovers for Mobile IPv6”, http://www.ietf.org/internet-drafts/draft-ietf-mobileip-fast-mipv6-03.txt (work in progress).

These proposals are not finalized at the time of writing. Furthermore, the above protocols (Mobile IP and its improvements) will have to rely on lower layer capabilities, which are not standardized either. Mobile IP (1) is a protocol to support network mobility. Its main features are:

-   1) Transparency for upper layer.
-   2) Interoperability with IPv4: an application can transmit data to another one using IPv4 addresses only.
-   3) Scalability: Mobile IP can work with a small LAN or a large WAN.
-   4) Security: this protocol provides some instruments to authenticate the message and protect the data on the network.
-   5) Macro-mobility: it works when the mobile terminal movements are not frequent, for instance it cannot efficiently support a mobile terminal that changes its access point every three minutes (typical value of GSM system).

Mobile IP has been designed for large-scale mobility and is hence too complex to fit the needs of some vertical markets, e.g. where the application provider controls access to its services including authentication and authorization of clients.

Generally speaking, mobility increases security risks that are already intrinsically present in the wireless access and in the Internet architecture. The terminal should ideally prevent unauthorized access to the server as well as attacks that result in denial of service. MIPv4 is not considered a secure solution since it is relatively easy to fake location binding updates, causing the traffic to be unduly redirected to a different client. Security can be enforced at different layers, from the link to the application layer, with different implications on the systems architecture, overall performance and complexity.

It is an object of the present invention to provide improved Internet Protocol based communication arrangements and in particular, but not exclusively, to provide an efficient arrangement for mobile devices to switch from one network access standard to another depending on the available network infrastructure (either wireless or wired).

Accordingly, the present invention provides a communications system comprising:

-   a) an Internet Protocol compatible communications network;
-   b) a client device arranged in use to connect to said network in accordance with one of a plurality of communications standards and to change between said communications standards under predetermined circumstances; and
-   c) a server arranged in use to couple to said network so as to communicate with said client device,
-   wherein said client device and said server are arranged in use to communicate at the network layer through an Internet Protocol tunneling technique, such that an Internet Protocol address of said client device remains the same during a handover from a first said communications standard to a second said communications standard.

Said communications standards may be wireless or wired standards and said client device may comprise a mobile or portable device.

Said Internet Protocol tunneling technique may differentiate between an Internet Protocol address used to connect said client device to a subnet and an Internet Protocol address used to connect said client device to said server.

Said Internet Protocol tunneling technique may encapsulate one Internet Protocol datagram within another Internet Protocol datagram.

A server endpoint of said Internet Protocol tunneling technique may be substantially fixed and a client device endpoint may be changeable as a result of roaming.

Said Internet Protocol tunneling technique may maintain one Internet Protocol address for applications and may rely on dynamically allocated Internet Protocol addresses for carriage of traffic.

Network structure of bearers of at least two said communications standards may be generally unrelated.

A said predetermined circumstance initiating a said change between said standards may comprise at least one of usage cost, bandwidth availability, received signal strength, link quality, link availability, signal-to-noise ratio, power consumption or explicit user intervention.

A transition between two said communications standards may be performed with reconfiguration of the network layer.

A link layer handover for each of two said communications standards, between said client device and a network unit such as an access point, may be unrelated at the driver level and said link layer handover may be performed independently for each said standard.

Said client device may be automatically assigned a new Internet Protocol address during a vertical handover between two said communications standards, for example during inter-subnet roaming.

Preferably, no new Internet Protocol address may be assigned to said client device in the event that the or each network access point used by said client device before and after a said vertical handover between two said communications standards belong to the same Internet Protocol subnet. For example, in the event of intra-subnet roaming or in the event of a switch between a Wireless Personal Area Network (WPAN) and a Wireless Local Area Network (WLAN). When access points belong to the same LAN segment, the IP address of the device preferably remains unchanged.

Said system may further comprise a routing manager adapted to monitor which one or more of said communications standards is available for use and to make decisions on switches between communications standards used based on said monitoring.

Said routing manager may make a said decision on the basis of at least one of an input from a lower layer, on the location of said client device or on user requirements.

Each said communications standard may access said network through an individual interface and said routing manager may be adapted to deactivate one or more of said interfaces at least temporarily under predetermined conditions, for example to achieve a power saving.

Said system may further comprise a security arrangement adapted to allow only authorized client devices to access said network, said security arrangement preferably including one or more of the following:

-   a) applications based on a secure data transfer such as Secure Socket Layer (SSL);
-   b) location updates protected using secure data transfer such as Secure Socket Layer (SSL) applied to HyperText Transfer Protocol messages (HTTPS);
-   c) access to the network is controlled, e.g. involving user authentication and/or verification, an example would be access points connected to a RADIUS server and GPRS SIM card based security; and
-   d) firewalls used whenever access networks for a said communications standard need to connect to the Internet, or other Internet Protocol based networks.

A said communications standard may define a wireless access protocol. The wireless access protocol may be based on any suitable wireless access system, e.g. Frequency Division Multiple Access (FDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Time Division Duplex (TDD), Orthogonal Frequency Multiple Access (OFDMA) or combinations of these such as CDMA/FDMA, CDMA/FDMA/TDMA, FDMA/TDMA. As a specific example, one of IEEE 802.11b, Bluetooth and GPRS may be selected.

The present invention also provides a method of performing communication in an Internet Protocol compatible network, the method including:

-   a) coupling a client device to said network in accordance with one of a plurality of communications standards and changing between said communications standards under predetermined circumstances;
-   b) coupling a server to said network for communicating with said client device; and
-   c) communicating between said client device and said server at the network layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address of said client device the same while handing over from a first said communications standard to a second said communications standard.

Said communications standards may comprise wireless or wired standards.

The present invention also provides a software product having encoded thereon an executable program adapted to enable implementation of a method including the steps recited above in the method of the invention.

The present invention also provides a client device for use in a system according to the present invention or in a method according to the present invention, said client device being adapted to communicate with said server in accordance with one of a plurality of communications standards and to change between said standards under predetermined circumstances, said communication being performed by means of an Internet Protocol tunneling technique, said client device preferably comprising a mobile terminal such as a Personal Digital Assistant (PDA), a lap-top computer or a mobile telephone.

The present invention also provides a server, for use in a system according to the invention or in a method according to the invention, said server being adapted to communicate with one or more said client devices in accordance with one of a plurality of communications standards and to control changes between said standards under predetermined circumstances, said communication being performed by means of an Internet Protocol tunneling technique.

FIG. 1 is a schematic overview of a communications system according to an embodiment of the invention;

FIG. 2 is a block diagram of the system of FIG. 1;

FIG. 3 is a schematic diagram of an Internet Protocol tunneling technique (IP-IP Tunnel) employed in an embodiment of the present invention;

FIG. 4 is a class diagram of the main functional blocks in a system according to an embodiment of the present invention;

FIG. 5 is a sequence diagram of initial access by a client device to a server of the system of FIG. 1; and

FIG. 6 is a sequence diagram of a vertical handover between communications standards employed in the system of FIG. 1.

The present invention will now be described with reference to certain embodiments and with reference to the above mentioned Figures. Such description is by way of example only and the present invention is not limited thereto. The term “comprising”, e.g. in the claims, does not exclude other elements or steps and the indefinite article “a” or “an” before a noun does not exclude a plurality of the noun unless specifically stated. With respect to several individual items, e.g. a channel decoder, channel equalizer, or items given an individual function, e.g. a channel decoding means, channel equalizing means, the invention includes within its scope that a plurality of such items may be implemented in a single item, e.g. in a processor with relevant software application programs to carry out the function.

In the present invention reference is made to a client device arranged in use to connect to a network in accordance with one of a plurality of communications standards. The term “plurality of communications standards” when referred to a client device means to a skilled person a multi-mode terminal. Such a multi-mode terminal could be a PDA with a so-called combination chipset or “combo” card, i.e. a card that provides the functionality to the device of Bluetooth, IEEE802.11b and GSM/GPRS transceivers. A “standard” used in communications arrangements may comprise a technical guideline advocated by a recognized organization, which may comprise for example a governmental authority or noncommercial organization such as the IETF, ETSI, ITU or IEEE, although not limited thereto. Standards issued or recommended by such bodies may be the result of a formal process, based for example on specifications drafted by a cooperative group or committee after often intensive study of existing methods, approaches and technological trends and developments. A proposed standard may later be ratified or approved by a recognized organization and adopted over time by consensus as products based on the standard become increasingly prevalent in the market. Such less formal setting of a “standard” may further encompass technical guidelines resulting from implementation of a product or philosophy developed by a single company or group of companies. This may particularly be the case if, through success or imitation, such guidelines become so widely used that deviation from the norm causes compatibility problems or limits marketability. The extent to which a piece of hardware conforms to an accepted standard may be considered in terms of the extent to which the hardware operates in all respects like the standard on which it is based or designed against. In reference to software, compatibility may be considered as the harmony achieved on a task-orientated level among computer elements and programs. Software compatibility to a standard may therefore also be considered the extent to which programs can work together and share data.

Referring to the Figures, according to the present invention a user equipment is provided with mobility, i.e. it may be represented by a mobile terminal MT, able to connect to a well-known and properly configured server 10 through multiple communications standards, as might be found in certain vertical market contexts (e.g. financial institutes). The wireless access protocol may be based on any suitable wireless access system, e.g. Frequency Division Multiple Access (FDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Time Division Duplex (TDD), Orthogonal Frequency Multiple Access (OFDMA), Coded Orthogonal Frequency Multiple Access (COFDMA) or combinations of these such as CDMA/FDMA, CDMA/FDMA/TDMA, FDMA/TDMA systems. As a specifically useful example, one of IEEE 802.11b, Bluetooth and GPRS may be selected. It will also be appreciated, however, that other wireless or wired standards (Ethernet, Token Ring) may be employed. General information on wireless protocols may be found in “OFDM for wireless multimedia communications”, by Richard van Nee and Ramjee Prasad, Artech House, 2000; “Wideband CDMA for third generation mobile communications”, by Tero Ojanperä and Ramjee Prasad, Artech House, 1998; “Personal Wireless Communication with DECT and PWT”, by John Phillips and Gerard Mac Namee, Artech House, 1998; “CDMA for wireless personal communications”, by Ramjee Prasad, Artech House, 1996; “Cordless telecommunications Worldwide”, by Walter Tuttlebee, Springer, 1997 and similar standard texts.

The present invention provides a routing solution for seamless standards switching between different interfaces on the client device MT. The problem involves up to three OSI layers (PHY, Link Layer and Network). The embodiments discussed herein will concentrate on mobility support in a restricted scenario in which control by the service provider reaches, besides the client device MT equipped with the three above-mentioned standards, an end server 10 from where data contents are retrieved or where proxy techniques can be implemented. This server 10 may then provide full access to the Internet or other IP-based network, along with billing, collection of statistics, firewalling and authentication.

In a typical embodiment, the server can be reached using Wireless LAN infrastructure or Bluetooth access points while in the corporate office, or cellular access like GPRS or UMTS while on the move. The client device may be a mobile terminal in the form of a Personal Digital Assistant (PDA) or PocketPC™, in which case Bluetooth access may be preferable to WLAN because of power consumption issues while GPRS can always be an available backbone where no other access points provide radio coverage. The network that connects the access points in the corporate scenario may include several IP subnets connected together by routers (optionally by a Virtual Private Network (VPN) on the public Internet). The point of connection of the corporate network to the Internet (ingress router) is preferably always protected by one or more software and/or hardware firewalls and the mobile terminal should preferably take consequent limitations into account without requiring any special policy in the firewall configuration. In the corporate infrastructure, a RADIUS server may be used to control access of mobile terminals. It is also assumed that a DHCP infrastructure may be deployed, so that mobile terminals can be assigned a leased IP address. In the user's terminal, the criteria used to select one wireless access technology instead of another may vary depending on usage scenarios. The user may for example set his preference using a dedicated configuration tool in the mobile terminal.

Referring now in particular to FIG. 1, a client device that is under the control of a mobile end user is equipped with a number of three different wireless technologies: IEEE 802.11b, Bluetooth and GPRS, that is it is a multi-mode user equipment. The client device has mobility and is preferably portable by the user and will be referred to for convenience as a mobile terminal MT. The skilled person will appreciate that for mobility, portability is not a necessary requirement. On the mobile terminal MT, applications such as web browsers connect via a communications protocol, especially a layer 1 or layer1/layer2 protocol, e.g. a standard TCP/IP protocol, to a fixed server 10 that is under administrative control by a service provider. Depending on predetermined conditions, which might include location, bandwidth requirements and power consumption, the mobile terminal MT may want or need to switch between these plurality of different wireless interfaces, or such interfaces as might be appropriate for a different wireless or wired standards being used for this embodiment.

Bluetooth™ is indicated when low power requirements are the main constraint and when mobility area is bounded, e.g. to an office environment. A useful discussion of Bluetooth™ communications can be found in text book form in “Bluetooth™, Connect Without Wires” by Jennifer Bray and Charles F. Sturman, published by Prentice Hall PTR under ISBN 0-13-089840-6.

IEEE 802.11b is more suitable when wider access is needed in office or building neighborhoods and higher bandwidth is desirable. General information on wireless LAN protocols and systems may be found in “Wireless LANS”, by Jim Geier, Macmillan Technical press, 1999. When wireless LAN resources are not available (e.g. neither Bluetooth™ nor IEEE 802.11b), then GPRS connectivity must be used.

The present invention allows seamless transition between these wireless technologies without the need for upper layer reconfiguration and preferably without affecting performance significantly. This means the following is preferably implemented:

-   (i) Vertical handover support (Link Layer mobility)
-   (ii) IP Mobility support (Network mobility).

IP mobility support is currently the subject of intense research and many proposals have been discussed in standardization groups. Up until now, however, none of them have gained widespread acceptance and none are available universally to date. To this end, it is proposed to offer a solution that involves only the mobile terminal MT and the server 10. The intermediate network does not require special or extra features to implement the present invention, except for ordinary automatic network configuration protocols such as DHCP and PPP dynamic address configuration for GPRS.

Referring now also to FIG. 2, a mobile terminal MT wants to connect to the Internet or other IP-based network while moving among areas covered by WPAN, WLAN and cellular systems. With reference to the term “LAN” it will be appreciated by the skilled person that any of the embodiments of the present invention may be implemented with a shared resources network of which LAN (Local Area Network), MAN (Municipal Area Network), WAN (Wide Area Network), PAN (Personal Area Network), CAN (Controller Area Network) are all examples and are included within the scope of the present invention. Once the mobile terminal MT has an ongoing session with a server in the network, the session must not be interrupted when the mobile terminal MT switches from one access system to another. Existing TCP/IP sessions must be prevented from stalling, e.g. stopping such that user intervention is needed to resume. When the vertical handover is performed, the mobile terminal MT will most likely be assigned a new IP address, except in the particular case of a WPAN/WLAN switch where access points AP belong to the same IP subnet. It can be noted here that a portion of a network that shares a common address component may be referred to as such a subnet. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the same prefix.

The problems to be solved by the present invention can therefore be summarized by the points below:

-   1. sensing the presence of a different wireless network infrastructure;
-   2. deciding when to perform the vertical handover;
-   3. reconfiguring the wireless hardware so that the new wireless infrastructure is used;
-   4. registering with the new network (including AAA);
-   5. getting a new IP address, if necessary;
-   6. handling the routing of IP packets through the new access network and access point AP through proper signaling at the network layer;
-   7. reconfiguring the wireless network interface so that the new standard is used to connect to the Internet and the new IP address is used; and
-   8. security protection should guarantee that only authorized devices can use the service and should also prevent all denial of service attacks. Only authorized clients should be allowed to access the service and, once connected, they should be protected against eavesdropping, redirection of traffic, man-in-the-middle and as many other kinds of security attacks as possible.

The present invention focuses on the routing issues of the client/mobile device and on security (points 3, 4, 5 and 8), basically at the network layer of the OSI protocol stack. An assumption is made that the lower layers, i.e. the wireless network interfaces, are supporting the remaining points.

Generally speaking, handover techniques for devices that exploit the Internet protocols concern the Link and the Network OSI levels. These give rise to two different mobility problems that will be treated separately. In a scheme according to an embodiment of the present invention, a mobile terminal MT can connect to a server 10 located in the Internet or other IP based network by means of a plurality of wireless technologies, which in this embodiment are, for instance: Bluetooth™, IEEE802.11b and GPRS. The network structures of the three bearers are generally unrelated. This holds true for GPRS, while Bluetooth™ and IEEE802.11b may coexist on the same core network.

Link Layer Mobility

With regard to Link Layer mobility, Link Layer handover among units (MT, AP) configured with the same wireless technology is assumed to be already implemented by the underlying technology. More precisely:

-   (1) Bluetooth™: Bluetooth Link Level mobility between Bluetooth access points is being standardized and will be part of a future version of the PAN profile.
-   (2) IEEE 802.11: The IEEE standard specifies the basic message formats to support roaming at the link layer, but everything else is left up to network vendors.
-   (3) GPRS: Roaming within GSM cells is entirely managed by the service bearer and the mobile terminal MT is considered to be “Always ON”.

These three handover solutions are completely unrelated to each other at the driver level and they work independently. Switching between different technologies (Vertical Handover) is necessary when the mobile terminal MT enters an area that provides a more convenient technology in terms of cost, bandwidth or power requirements, or when the technology that is being used is no longer available (e.g. out of range). So, these two things have to be defined:

-   Link availability test procedures.
-   Technology switching policies.

Regarding the first point, techniques that could allow access point detection have to be introduced. Some agent able to constantly monitor different technologies availability and inform the appropriate software module has to be deployed. The technologies involved are very different and the link availability test procedure problems are hence addressed in completely different ways.

Regarding the second point, technology switching is performed according to link quality and availability, together with other parameters such as power consumption constraints. The assumption is made that each wireless interface can be in one of two states, ON or OFF and that it is possible to query the radio link quality and retrieve parameters such as the received signal strength or signal-to-noise ratio or other indicators. A dedicated agent (RM: Routing Manager) just above the driver decides which technology has to be used on the basis of the inputs from the lower layers, on the location of the device and/or on user requirements. The Routing Manager RM may also decide to temporarily de-activate some wireless interfaces for power saving. The present invention proposes the allocation of a distinct interface for each of the three wireless devices. As will be seen later, this solution simplifies some of the issues that arise when dealing with the network mobility.

In the simplest scenario, access points AP of the same radio technology are located on the same subnet. Eventually, Bluetooth and 802.11 access points AP share the same LAN. More complicated environments that include multiple subnets are much trickier to manage because of the need for higher network mobility protocols that are described in the following sub-section.

Network Mobility

In a scenario involving roaming with multiple wireless technologies available, four scenarios can be identified:

-   1. Intra-Subnet homogeneous roaming.
-   2. Inter-Subnet homogeneous roaming.
-   3. Intra-Subnet heterogeneous roaming.
-   4. Inter-Subnet heterogeneous roaming.

Intra-Subnet roaming exists if the mobile terminal MT remains bounded within the same IP subnet i.e. the access points AP and the mobile terminal MT roaming between them belong to the same IP subnet and behave like bridges. In this case, the mobile terminal MT is not assigned a new IP address when its network attachment point changes. Inter-Subnet roaming exists if the contrary holds.

Homogeneous roaming means that there is no technology switching involved, i.e. the bearer does not change during the handover. Heterogeneous roaming requires wireless technology switch during handover.

The different roaming categories are summarized by the table below, together with the actions performed in each case by the mobile terminal MT.

TABLE 1: Handover categories

|  | INTER-SUBNET | INTRA-SUBNET |
|---|---|---|
| HOMOGENEOUS (HANDOVER) | Link_Request_Access (MT); DHCP_Discover (MT); DHCP_Request (MT); Config IP Address (MT); Configure Tunnel (MT, SERVER) | Link_Request_Access (MT); DHCP_Discover (MT) |
| HETEROGENEOUS (VERTICAL HANDOVER) | Link_Request_Access (MT); DHCP_Discover (MT); DHCP_Request (MT); Config IP Address (MT); Configure Tunnel (MT, SERVER) | Link_Request_Access (MT); DHCP_Discover (MT); DHCP_Request (MT); Config IP Address (MT); Configure Tunnel (MT, SERVER) |

Intra-subnet homogeneous handover requires no reconfiguration of networkprotocols, since the bearer lower layers solve the handoff at the linklayer.

Inter-Subnet homogeneous roaming is somewhat more complex: level tworoaming is again performed by the bearer as before, but there is now theneed to re-configure the client's IP address in order to be able tocommunicate within the new subnet. A new IP address therefore has to beassigned automatically to the mobile terminal MT. While a new IP addressallows communication towards the new subnet, the end-to-end IPcommunication between the mobile terminal MT and the server 10 isseverely affected, since applications cannot have knowledge of themobile's IP address change, neither at the mobile side nor at the serverside. In this case IP connectivity is lost and running applications mustbe restarted in order to communicate with the new IP address. Solutionsthat are able to maintain the same mobile terminal IP address even whenperforming Inter-Subnet roaming should preferably be found.

Intra-Subnet heterogeneous roaming does not need IP reconfigurationsince access points AP are configured as bridges, but a technologyswitch causes the MAC address of the wireless card used in the mobileterminal MT to change. This may necessitate refreshing the mobileterminal's ARP entry on the first-hop router ARP table. Also the linkMaximum Transmission Unit (MTU) may change.

Inter-Subnet heterogeneous roaming is similar to the second scenario, except that the underlying technology changes. The problem from the network layer point of view is however the same.

A Proposed Embodiment of the Present Invention

If the mobile terminal MT moves within the same subnet only, no problems arise since its IP address does not need to change and end-to-end communication with the server 10 is always possible. When switching between two technologies, the MAC address of the network interface changes.

Network layer roaming gets difficult when the mobile terminal MT crosses different subnets, either maintaining the same technology (homogeneous) or switching between two different technologies (heterogeneous). In fact, when the mobile terminal MT moves between access points AP that serve two different IP subnets, two mandatory requirements clash with each other:

-   1. The mobile terminal MT needs to obtain a new IP address to participate in the new subnet.
-   2. The mobile terminal MT needs to maintain the same IP address to keep connectivity with the server 10 (as seen by the application).

The problem can be solved by differentiating between the IP address used to connect to the subnet and the IP address used to connect to the server 10, and by using so-called “IP in IP tunneling”. This technique encapsulates one IP datagram in another IP datagram. Before illustrating the solution, the following terminology for IP addresses should be introduced:

-   IP_BEARER: This is the IP address that the wireless connectivity bearer automatically assigns to the mobile terminal MT.
-   IP_CLIENT: Belongs to the mobile terminal MT. The IP address the applications communicate with. It is assigned by the server 10 and never changes during roaming or switching.
-   IP_SERVER: Belongs to the server. It is the address the applications use to communicate with the client MT.
-   IP_TEP: Belongs to the server. The valid IP address at which the server is seen on the Internet or other IP network, as the case may be.

Their role in the IP-IP tunnel is depicted in FIG. 3. The idea is to maintain application connectivity by means of the IP_CLIENT and IP_SERVER, which never change. The server 10, using a special protocol, assigns IP_CLIENT to the mobile. Traffic between these two addresses is carried (or “encapsulated”) in the IP communication between the tunnel end points. Server endpoint IP_TEP is fixed, while the client MT end-point may change as a result of Inter-Subnet roaming. Using this approach, it is possible to maintain the same IP address for applications, and rely on dynamically allocated IP addresses for traffic carrying.
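The role of the four addresses can be seen by building the datagrams themselves. The following is an added example, not code from the patent: all addresses are constructed sample values, and the rule that the tunnel endpoint unwraps a datagram only when its outer source equals the IP_BEARER currently bound to the inner IP_CLIENT is an assumption about how such an endpoint would be hardened against spoofed tunnel traffic.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_UDP = 4, 17      # 4 = IPv4-in-IPv4 (RFC 2003)
# Constructed sample addresses (documentation / private ranges), not from the patent.
IP_CLIENT, IP_SERVER, IP_TEP = "10.8.0.5", "10.8.0.1", "203.0.113.10"
BEARER_BT, BEARER_GPRS = "192.0.2.44", "198.51.100.7"

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prefix payload with a 20-byte IPv4 header (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); raise ValueError on a malformed header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent length fields")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:total_len]

def encapsulate(inner: bytes, ip_bearer: str) -> bytes:
    """Client side: carry the IP_CLIENT->IP_SERVER datagram from IP_BEARER to IP_TEP."""
    return ipv4_packet(ip_bearer, IP_TEP, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes, bindings: dict) -> bytes:
    """Server side: unwrap only if the outer source is the bearer bound to IP_CLIENT."""
    o_src, o_dst, o_proto, inner = parse_ipv4(outer)
    if o_dst != IP_TEP or o_proto != IPPROTO_IPIP:
        raise ValueError("not addressed to this tunnel endpoint")
    i_src, i_dst, _, _ = parse_ipv4(inner)
    if i_dst != IP_SERVER or bindings.get(i_src) != o_src:
        raise ValueError("inner source not bound to this outer source")
    return inner

def handover_demo() -> bool:
    """The inner datagram is identical before and after a Bluetooth -> GPRS handover."""
    inner = ipv4_packet(IP_CLIENT, IP_SERVER, IPPROTO_UDP, b"app data")
    bindings = {IP_CLIENT: BEARER_BT}
    before = decapsulate(encapsulate(inner, BEARER_BT), bindings)
    bindings[IP_CLIENT] = BEARER_GPRS          # binding update after the handover
    after = decapsulate(encapsulate(inner, BEARER_GPRS), bindings)
    return before == after == inner
```

Only the outer source address differs between the two encapsulated datagrams, which is why applications bound to IP_CLIENT and IP_SERVER do not see the handover.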

In FIG. 4, a class diagram of the main functional blocks of the target system is depicted using standard Unified Modeling Language (UML) notation. The main classes, their methods as well as class relationships are shown. This diagram shows the main classes of the client-server system and is intended for the sole purpose of describing the main functional blocks of a design according to an embodiment of the present invention. On the left side are found the main client classes, the MobileNode, which represents the application, and the ClientRouting class, which embeds all the functionality to handle the network and DLC layer issues, e.g. the IP-IP tunneling and the detection and management of available wireless infrastructures. In fact, this class exports methods to request access to a wireless network, to detect when a handover is needed, to receive information from the server 10 to set up the IP-IP tunnel and to actually configure tunneling.

On the right side of FIG. 4, the server side classes are depicted; in particular the ApplicationServer, the TunnelEndPoint and the AAAServer. The first is usually a Web server that is also able to run scripts and generate dynamic Web pages, but may also include features like an e-mail exchange server or database access. The TunnelEndPoint class is used to set up the IP tunnel with mobile clients MT, while the AAAServer class performs Authentication, Authorization and Accounting of the mobile clients. It also assigns IP addresses that can be used by clients throughout a session. In the present embodiment it is suggested to use a simple Web-based AAA server, which controls the activation and configuration of the Tunnel Endpoint for a specific client. The other classes represent the Wireless access networks (e.g. Bluetooth, IEEE802.11 and GPRS), which all implement the Bearer interface. Finally an Internet class is also shown.

The relationships among classes can be read as follows (from left to right). The MobileNode class uses ClientRouting to access a Bearer. The Bearer uses the Internet to connect to the TunnelEndPoint, which is used by the ApplicationServer. An AAAServer is associated with a Tunnel Endpoint.

The Mobile Terminal that wants to access the system contacts the AAAServer by requesting a specific dynamic Web page, the request being protected with SSL. An access script is then executed to control the client access rights. This step may involve the authentication server contacting a specific database. Upon successful client authentication, the AAAServer contacts the Tunnel Endpoint by means of a proprietary protocol and sets up the tunnel for the authenticated client. Finally the AAAServer returns a Web page to the client to indicate that the process has successfully completed. In this page the application IP address is returned as well, which the ClientRouting class can pick up to set up the tunnel on the mobile terminal.

Dynamic behavior of objects that implement these classes is detailed below by means of sequence diagrams for two cases:

-   1. initial access of the mobile node to the service; and
-   2. change of the wireless access network that is used by the mobile node to access the server through the Internet (i.e. the vertical handover itself).

Initial Access to the Server

Initial access to the server is shown in the time sequence diagram depicted in FIG. 5 and includes the steps outlined below.

-   1. Mobile terminal Link Layer detects wireless infrastructure (e.g. Bluetooth, IEEE802.11 or GPRS) availability. Bluetooth is used in the example.
-   2. Mobile terminal MT requests an IP_BEARER address by means of the DHCP protocol or PPP in case of GPRS.
-   3. Bearer's wireless infrastructure examines the request and offers host configuration information to the mobile terminal MT.
-   4. Mobile terminal MT configures its wireless interface with the data provided by the wireless infrastructure. Mobile terminal MT is now able to establish direct communication with the server 10 with its newly assigned IP_BEARER address.
-   5. Mobile terminal MT sends an HTTP request to the well-known AAAServer web server's address, using its new IP_BEARER.
-   6. The AAA Server analyses the request and identifies the mobile terminal MT by means of an authentication protocol.
-   7. If authentication succeeds, the IP_CLIENT address is computed and assigned to the mobile client.
-   8. Server tunnel is set up.
-   9. End to end tunnel configuration is sent to the RM and
-   10. Mobile terminal's tunnel is set up.
-   11. Server's tunnel is set.

After the tunnel has successfully been set up, communication between the mobile terminal MT and the server 10 takes place between the fixed IP_CLIENT and IP_SERVER. When subnet switching is then performed, the tunnel end-points of the client MT and the server TEP are reconfigured while the IP_CLIENT address remains constant.

Execution of a Vertical Handover

When a vertical handover has to be executed, the sequence of operations depicted in FIG. 6 is performed. The example that has been used refers to a mobile terminal MT using Bluetooth™, which exits a building and detects a GPRS network infrastructure.

-   1. A Routing Manager object (RM) detects that a new wireless infrastructure is available (GPRS) and the lower drivers (DLC) make a Link Layer connection available.
-   2. An IP_BEARER_2 address is requested from the newly detected infrastructure (GPRS network).
-   3. The GPRS bearer authenticates and decides on the IP_BEARER_2 address to be assigned to the mobile terminal MT.
-   4. The GPRS interface is automatically configured by means of PPP facilities.
-   5. If handover is needed,
-   6. tunnel is re-configured substituting the previous IP_BEARER address (IP_BEARER_BT) with the new one (BT_BEARER_2).
-   7. Using DIRECT connection to the server 10 (i.e. using the new IP_BEARER_2 address), the mobile terminal MT informs the web-based authentication server that its tunnel re-configuration is needed, using a secure binding update message in the form of an HTTPS request.
-   8. Web-based authentication server executes a script and updates the Tunnel Endpoint configuration for the mobile terminal MT.
-   9. It then confirms a successful binding update back to the mobile client.
-   10. Communication between IP_CLIENT and IP_SERVER is made available again using the new tunnel configuration.

It should be noted that the Tunnel Endpoint should check client activity and, if no traffic is generated for a specified amount of time, the tunnel should be deleted and the IP_CLIENT returned to the client address pool.
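The binding update of steps 7 to 9 and the idle-tunnel rule above can be modelled as one small state table on the Tunnel Endpoint. This is an added example, not code from the patent: the text only says the update travels as an HTTPS request, so the per-session key handed out at authentication, the HMAC tag, the sequence number used to reject replays, and the pool and timeout values are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

def sign(key: bytes, ip_client: str, new_bearer: str, seq: int) -> bytes:
    """Tag a binding update with the per-session key (assumed scheme, see lead-in)."""
    msg = f"{ip_client}|{new_bearer}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class TunnelEndpoint:
    def __init__(self, pool_cidr: str, idle_timeout: float):
        # Pool of IP_CLIENT addresses handed to authenticated clients.
        self.free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.idle_timeout = idle_timeout
        self.tunnels = {}   # IP_CLIENT -> {"bearer", "key", "seq", "last_seen"}

    def open_tunnel(self, ip_bearer: str, now: float):
        """Called after AAA authentication succeeds: assign IP_CLIENT, bind the bearer."""
        if not self.free:
            raise RuntimeError("client address pool exhausted")
        ip_client = self.free.pop(0)
        key = secrets.token_bytes(32)   # returned to the client over the HTTPS session
        self.tunnels[ip_client] = {"bearer": ip_bearer, "key": key,
                                   "seq": 0, "last_seen": now}
        return ip_client, key

    def binding_update(self, ip_client, new_bearer, seq, tag, now) -> bool:
        """Re-point the tunnel at a new IP_BEARER; IP_CLIENT itself never changes."""
        t = self.tunnels.get(ip_client)
        if t is None or seq <= t["seq"]:        # unknown tunnel or replayed update
            return False
        if not hmac.compare_digest(sign(t["key"], ip_client, new_bearer, seq), tag):
            return False                        # not sent by the session's owner
        t.update(bearer=new_bearer, seq=seq, last_seen=now)
        return True

    def note_traffic(self, ip_client: str, now: float) -> None:
        """Record tunnel activity so that an active client is not expired."""
        if ip_client in self.tunnels:
            self.tunnels[ip_client]["last_seen"] = now

    def expire_idle(self, now: float) -> list:
        """Delete tunnels idle longer than the timeout; return addresses to the pool."""
        idle = [c for c, t in self.tunnels.items()
                if now - t["last_seen"] > self.idle_timeout]
        for c in idle:
            del self.tunnels[c]
            self.free.append(c)
        return idle
```

A rejected update leaves both the bound bearer and the activity timestamp untouched, so failed attempts cannot keep a stale tunnel alive.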

The proposed solution therefore provides seamless roaming facilities between different wireless standards and different IP subnets in environments where a mobile terminal MT configuration is entrusted to a properly configured centralized server 10. No requirements are placed on wireless access networks themselves at all. The purpose of the centralized server 10 is to support mobility of clients MT by means of proper configuration of IP tunneling and to provide information retrieval through a common Web interface. Authentication and security mechanisms can also be easily treated in this context. Compared to Mobile IP protocols, the proposed solution is less resource consuming and its implementation is simpler.

Security

As far as security is concerned, the following mechanisms are included:

-   applications are based on a secure data transfer such as Secure Socket Layer (SSL) applied to HyperText Transfer Protocol messages (HTTPS);
-   location updates are also protected using the same secure data transfer, e.g. HTTPS;
-   access to the wireless network may be controlled through standard mechanisms (e.g. access points AP connected to a RADIUS server and GPRS SIM based security); and
-   software or hardware firewalls are used whenever the access networks need to connect to the Internet, or other IP-based network as the case may be.

While the present invention has been particularly shown and described with respect to a preferred embodiment, it will be understood by those skilled in the art that changes in form and detail may be made without departing from the scope and spirit of the invention.

-   AAA: Authentication, Authorization and Accounting
-   ARP: Address Resolution Protocol
-   GPRS: Generalized Packet Radio System
-   HTTP: HyperText Transfer Protocol
-   IETF: Internet Engineering Task Force
-   IP: Internet Protocol
-   LAN: Local Area Network
-   MAC: Medium Access Control
-   MT: Mobile Terminal
-   MTU: Maximum Transmission Unit
-   PAN: Personal Area Network
-   RM: Routing Manager
-   TCP: Transmission Control Protocol
-   TEP: Tunnel End Point
-   UDP: User Datagram Protocol
-   WLAN: Wireless Local Area Network
-   WPAN: Wireless Personal Area Network

1. A communications system comprising: a) an Internet Protocol compatible communications network; b) a client device arranged in use to connect to said network in accordance with one of a plurality of communications standards and to change between said communications standards under predetermined circumstances; and c) a server arranged in use to couple to said network so to communicate with said client device, wherein said client device and said server are arranged in use to communicate at the network layer through an Internet Protocol tunneling technique, such that an Internet Protocol address of said client device remains the same during a handover from a first said communications standard to a second said communications standard.
2. A system according to claim 1, wherein said Internet Protocol tunneling technique differentiates between an Internet Protocol address used to connect said client device to a subnet and an Internet Protocol address used to connect said client device to said server.
3. A system according to claim 1, wherein said Internet Protocol tunneling technique encapsulates one Internet Protocol datagram within another Internet Protocol datagram.
4. A system according to claim 1, wherein a server endpoint of said Internet Protocol tunneling technique is substantially fixed and a client device endpoint is changeable as a result of roaming.
5. A system according to claim 1, wherein said Internet Protocol tunneling technique maintains one Internet Protocol address for applications and relies on dynamically allocated Internet Protocol addresses for carriage of traffic.
6. A system according to claim 1, wherein network structure of bearers of at least two said communications standards are generally unrelated.
7. A system according to claim 1, wherein a said predetermined circumstance initiating a said change between said standards comprises at least one of usage cost, bandwidth availability, received signal strength, link quality, link availability, signal-to-noise ratio, power consumption or user intervention.
8. A system according to claim 1, wherein a transition between two said communications standards is performed with reconfiguration of the network layer.
9. A system according to claim 1, wherein a link layer handover for each of two said communications standards, between said client device and a network unit such as an access point, is unrelated at the driver level and said link layer handover is performed independently for each said standard.
10. A system according to claim 1, wherein said client device is automatically assigned a new Internet Protocol address during a vertical handover between two said communications standards, for example during inter-subnet roaming.
11. A system according to claim 1, wherein no new Internet Protocol address is assigned to said client device in the event that the or each network access point used by said client device before and after a said vertical handover between two said communications standards belong to the same Internet Protocol subnet, for example in the event of intra-subnet roaming or in the event of a switch between a Wireless Personal Area Network (WPAN) and a Wireless Local Area Network (WLAN).
12. A system according to claim 1, further comprising a routing manager adapted to monitor which one or more of said communications standards may be employed and to make decisions on switches between communications standards used based on said monitoring.
13. A system according to claim 12, wherein said routing manager makes a said decision on the basis of at least one of an input from a lower layer, on the location of said client device or on user requirements.
14. A system according to claim 12, wherein each said communications standard accesses said network through an individual interface and said routing manager is adapted to deactivate one or more of said interfaces at least temporarily under predetermined conditions, for example to achieve a power saving.
15. A system according to claim 1, further comprising a security arrangement adapted to allow only authorized client devices to access said network, said security arrangement preferably including one or more of the following: a) applications based on a secure data transfer such as Security Socket Layer (SSL); b) location updates protected using a secure data transfer such as Security Socket Layer (SSL) applied to HTTP messages (HTTPS); c) access to the network is controlled, e.g. access points connected to a RADIUS server and GPRS SIM card based security; and d) firewalls used whenever access networks for a said communications standard need to connect to the Internet, or other Internet Protocol based network.
16. A system according to claim 1, wherein a said communications standard comprises one of IEEE 802.11b, Bluetooth™ and GPRS.
17. A method of performing communication in an Internet Protocol compatible network, the method including: a) connecting a client device to said network in accordance with one of a plurality of communications standards and changing between said communications standards under predetermined circumstances; b) coupling a server to said network for communicating with said client device; c) communicating between said client device and said server at the network layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address of said client device the same while handing over from a first said communications standard to a second said communications standard.
18. A software product having encoded thereon an executable program adapted to enable implementation of the steps: a) connecting a client device to said network in accordance with one of a plurality of communications standards and changing between said communications standards under predetermined circumstances; b) coupling a server to said network for communicating with said client device; c) communicating between said client device and said server at the network layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address of said client device the same while handing over from a first said communications standard to a second said communications standard.
19. A client device for use in a system according to claim 1, said client device being adapted to communicate with said server in accordance with one of a plurality of communications standards and to change between said standards under predetermined circumstances, said communication being performed by means of an Internet Protocol tunneling technique, said client device preferably comprising a mobile terminal such as a Personal Digital Assistant (PDA), a lap-top computer or a mobile telephone.
20. A server, for use in a system according to claim 1, said server being adapted to communicate with one or more said client devices in accordance with one of a plurality of communications standards and to control changes between said standards under predetermined circumstances, said communication being performed by means of an Internet Protocol tunneling technique.